squidGuard -- multiple vulnerabilities

Details

VuXML ID: 692ab645-bf5d-11de-849b-00151797c2d4

Discovery: 2009-10-15

Entry: 2009-10-22

Modified: 2010-05-06

SquidGuard website reports:

Patch 20091015 fixes one buffer overflow problem
in sgLog.c when overlong URLs are requested.
SquidGuard will then go into emergency mode where
no blocking occurs. This is not required in this
situation.

Patch 20091019 fixes two bypass problems with URLs
whose length is close to the limit defined by MAX_BUF
(default: 4096) in squidGuard and MAX_URL (default:
4096 in squid 2.x and 8192 in squid 3.x) in squid.
For this kind of URL the proxy request exceeds MAX_BUF
causing squidGuard to complain about not being able to
parse the squid request. Increasing the buffer limit
to be higher than the one defined in MAX_URL solves the
issue.
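
The sizing problem described above, as an added example (not squidGuard's code): a helper line reader whose buffer is larger than MAX_URL, and which goes one step beyond the quoted fix by detecting and draining a line that still does not fit so the caller can deny it. The names read_request, first_line_status and HELPER_BUF, the 1024-byte headroom and the sample request lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_URL 8192                 /* squid 3.x default, per the advisory */
#define HELPER_BUF (MAX_URL + 1024)  /* assumed headroom for the non-URL fields */

enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };

/* Read one request line into buf. A line that does not fit is drained to its
 * newline and reported, so leftover bytes are never parsed as the next request. */
enum line_status read_request(FILE *in, char *buf, size_t cap)
{
    if (fgets(buf, (int)cap, in) == NULL) return LINE_EOF;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
        return LINE_OK;
    }
    if (n + 1 < cap) return LINE_OK;            /* short final line, no newline */
    int c = fgetc(in);
    if (c == EOF || c == '\n') return LINE_OK;  /* line filled the buffer exactly */
    while ((c = fgetc(in)) != EOF && c != '\n') { }
    return LINE_TOO_LONG;
}

/* Constructed input: a request whose URL is url_len bytes, then a short one.
 * Returns the first line's status, or -1 if the second line is not read intact. */
int first_line_status(size_t url_len, size_t cap)
{
    FILE *f = tmpfile();
    char *buf = malloc(cap);
    if (f == NULL || buf == NULL) return -1;
    for (size_t i = 0; i < url_len; i++)
        fputc('a', f);
    fputs(" 192.0.2.10/- - GET\nhttp://example.test/ 192.0.2.10/- - GET\n", f);
    rewind(f);
    enum line_status first = read_request(f, buf, cap);
    int ok = read_request(f, buf, cap) == LINE_OK &&
             strcmp(buf, "http://example.test/ 192.0.2.10/- - GET") == 0;
    fclose(f);
    free(buf);
    return ok ? (int)first : -1;
}

int main(void)
{
    printf("buf 4096: %d, buf %d: %d\n", first_line_status(MAX_URL, 4096),
           HELPER_BUF, first_line_status(MAX_URL, HELPER_BUF));
    return 0;
}
```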